Your car may be invading your privacy

Mar. 25, 2013
|

Detroit Free Press columnist Matt Helms presses the button to reach an OnStar operator in a Cadillac DeVille in 2008. Data generated by cars, which these days are basically rolling computers, are not regulated by law. / GNS file photo by Patricia Beck

by Chris Woodyard and Jayne O'Donnell, USA TODAY

by Chris Woodyard and Jayne O'Donnell, USA TODAY

If it's a recent model, has a fancy infotainment system or is equipped with toll-booth transponders or other units you brought into the car that can monitor your driving, your driving habits or destination could be open to the scrutiny of others. If your car is electric, it's almost surely capable of ratting you out.

You may have given your permission, or you may be the last to know.

At present, consumers' privacy is regulated when it comes to banking transactions, medical records, phone and Internet use. But data generated by cars, which these days are basically rolling computers, are not.

All too often,"people don't know it's happening," says Dorothy Glancy, a law professor at Santa Clara University in California who specializes in transportation and privacy. "People should be able to decide whether they want it collected or not."

Try as you may to protect your privacy while driving, it's only going to get harder. The government is about to mandate installation of black-box accident recorders, a dumbed-down version of those found on airliners - that remember all the critical details leading up to a crash, from your car's speed to whether you were wearing a seat belt. The devices are already built into 96% of new cars.

Plus, automakers are on their way to developing "connected cars" that constantly crank out information about themselves to make driving easier and collisions preventable.

Privacy becomes an issue when data end up in the hands of outsiders whom motorists don't suspect have access to it, or when the data are repurposed for reasons beyond those for which they were originally intended.

Though the information is being collected with the best of intentions - safer cars or to provide drivers with more services and conveniences - there is always the danger it can end up in lawsuits, or in the hands of the government or with marketers looking to drum up business from passing motorists.

Courts have started to grapple with the issues of whether - or when - data from black-box recorders are admissible as evidence, or whether drivers can be tracked from the signals their cars emit. While the law is murky, the issue couldn't be more clear cut for some.

"You do have a right to privacy in your car," says Khaliah Barnes, administrative law counsel for the Electronic Privacy Information Center, at least when it comes to data from automotive black boxes and infotainment systems.

The chief threats:

â?¢ Electronic data recorders, or EDRs. Known as black boxes for short, the devices have fairly straightforward capabilities. If the car's air bags deploy in a crash, the device snaps into action. It records a vehicle's speed, status of air bags, braking, acceleration. It also detects the severity of an accident and whether passengers had their seat belts buckled.

EDRs make cars safer by providing critical information about crashes, but the data are increasingly being used by attorneys to make points in lawsuits involving drivers.

"It's far more reliable than eyewitness accounts," says Wolfgang Mueller, a Berkley, Mich., plaintiff lawyer and former Chrysler engineer. "It's hard for the carmakers to dispute their own data."

Others aren't so sure. California plaintiff lawyer Don Slavik says no one should assume black boxes "are dispassionate and accurate witnesses." He said he's had "numerous downloads that don't comport with physical reality."

Consider the case of Kathryn Niemeyer, a Nevada woman who sued Ford Motor when her husband, Anthony, died after his car crashed into a tree in Las Vegas.

Her lawyers argued the air bag should have gone off and saved him, but they didn't want the black box data downloaded from the car's EDR admitted into evidence. Their contention: The data "constitute unreliable hearsay," contain multiple errors and aren't verifiable. The court agreed, but Niemeyer lost her case anyway in U.S. District Court.

â?¢ Infotainment systems and on-board computers. The latest in-car entertainment systems provide GPS navigation and instant two-way communication to motorists. But they can also be used to relay information about a car's systems to automakers. And that can invade consumers' privacy, as General Motors found out last year.

OnStar, the General Motors unit that provides in-car communication at the push of a button, proposed a change in its customer agreement last year. The move would have allowed GM to sell information that it collects not only from current subscribers but from cars of customers whose subscriptions to OnStar had ended.

It would have been a sweeping change. Free OnStar - for six months up to three years, depending on the model - comes as standard equipment in most new GM models.

The data would have come from the car's computers, reporting safety and diagnostic information such as fuel economy or the need for oil changes or tire pressure, details that would be shared with dealers or other GM affiliates.

Even though GM says it doesn't sell information to third parties, the proposed change was killed after an outcry. OnStar still can ping batches of cars owned by current subscribers to anonymously look for information about how they are running. That way, GM engineers can monitor the vehicles' systems and remotely tackle issues that arise or find ways to make improvements, the company says.

When customers buy a Chevrolet Volt, a plug-in electric car that also has a gas engine, they are asked to sign an agreement that lets GM anonymously tap the car for information about its performance. Four out of five agree, says Larry Nitz, general manager of GM's electrification program.

As part of its Carwings system that lets owners monitor their electric Leaf cars from their smartphones, Nissan says it collects information on the cars. The automaker can find out about GPS and navigation; speed and distance; driving habits; battery use, charging history and deterioration; electrical system functions; software version; "and other spot data to assist in identifying and analyzing the performance of the Nissan Leaf." Owners must give their permission. The data are stored on a computer in Japan by vehicle identification number, or VIN, without personal information.

The ability of electric cars to track customers' travels and driving habits was dramatically demonstrated last month when Elon Musk, CEO of electric-car maker Tesla Motors, took issue with a critical review of his company's premiere product, the all-electric Model S sedan, in The New York Times.

To refute the review that talked about the angst of running out of electricity and not getting a full recharge on a long trip in cold weather, Musk reconstructed the reporter's journey in a blog post based on data received from the car, including cruise control and cabin temperature settings, and how long the car was allowed to charge.

In defense of his review, Times reporter John Broder wrote that Tesla told him it did "not store data on exact locations where their cars were driven because of privacy concerns. ... Tesla seemed to know that I had driven six-tenths of a mile 'in a tiny 100-space parking lot.' "

â?¢ Transponders and other devices. These days, more commuters are being encouraged to obtain transponders for their cars that allow them to use toll roads or bridges without having to stop and pay. But sometimes, they can be used for other purposes.

In the San Francisco Bay Area, the Metropolitan Transportation Commission not only counts on motorists using FasTrak transponders to pay tolls but also collects data from the devices for traffic studies. If drivers don't want their car to be part of the traffic study, they're offered a Mylar bag that can block transponder signals when the box is not transmitting for toll collection.

Some drivers elect to bring other devices into their cars - fully knowing that they spy on their habits - and are rewarded for doing so.

Progressive Insurance says more than 1 million of its auto insurance policy holders now use its Snapshot monitoring device, which plugs into the dashboard to record data from the car's computers for information about hard-braking incidents and time of day that trips are taken.

Drivers save an average 10% to 15% on their premiums, says David Pratt, Progresssive's general manager for usage-based insurance. To protect users' privacy, the company says it has no ability to track where cars drive and never sells any information to third parties.

Because consumers often opt to give away data when it benefits them, some say privacy issues are no cause for concern. Fears have been "blown out of proportion," says Mukul Verma, a former top GM safety expert who is now a consultant. "I don't think there is any chance of it being used or misused without people's permission."

THE JURY'S STILL OUT

There's a mixed record so far on how data from cars are playing out in court.

On one hand, there's the case of Elva Diaz of Corona, Calif., who was convicted of involuntary manslaughter while drunk. In 2008, her car struck one driven by an 18-year-old college student, who died. Diaz's public defender appealed her conviction, saying the use of data about her speed and braking contained in the vehicle's black box violated her privacy. Last month, an appeals court upheld the conviction.

But privacy advocates point to a U.S. Supreme Court ruling last year in the case of a Washington, D.C., nightclub owner whose Jeep was monitored for weeks by police who had attached a GPS-based tracking device to it. Based on Antoine Jones' movements, he was convicted on cocaine distribution charges. In overturning Jones' conviction, the high court ruled that police should have obtained a warrant.

Privacy cases could proliferate as technology evolves. Automakers are developing systems that let cars digitally talk to each other or with infrastructure, such as bridges or freeway on-ramps, to avoid accidents.

More than 60% of new cars worldwide are expected to have connected capabilities by 2017, up from 11.4% last year, says ABI Research. At the same time, those "connected cars" hold the potential of divulging speed and a variety of data that could be used by law enforcement or others.

Aware of privacy concerns, developers of a proposed nationwide system of connected cars say they are trying to build in safeguards.

The system will be designed to let drivers stay anonymous, to constantly change designators for any particular vehicle every few minutes in order to make sure no driver can be tracked, says Tom Schaffnit of the Vehicle Infrastructure Integration Coalition, which is organizing automakers for the project.

If a nationwide system goes forward that will connect cars to each other and the highway, Schaffnit says, he is confident privacy concerns will be addressed. It's logical: If the government is going to require connected cars, "then you need to be worried about privacy," he says.